Safely send password when executing build through buildQueue REST API
Hello everyone,
Wanted to ask if there is possibility to execute build with /app/rest/buildQueue that would contain property which is password inside TeamCity (settings are versioned) without setting value directly inside rest body.
First thing I was thinking about was possibility to re-use of Tokens and setting credentialsJSON as value, like below:
{
"buildTypeId":"mybuildtypeid",
"properties":{
"property":[
{
"name":"random_parameter",
"value":"credentialsJSON:1287dcf7-dd02-49d6-86da-33ffa7da0970"
}
]
}
}
But this sends "credentialsJSON:1287dcf7-dd02-49d6-86da-33ffa7da0970" part as plain text password instead of getting password from tokens.
Am I missing something or plain text in rest body is actually only way to set password parameter?
Please sign in to leave a comment.
It is possible to scramble the secure value in your REST API request using your TeamCity server's encryption key. To find the encrypted value of your text, run this query:
GET {teamcity_url}/app/rest/debug/values/password/scrambled?value=<text to scramble>You should get a response that looks something like this:
This value can be sent as your parameter value:
{"buildTypeId":"mybuildtypeid",
"properties":{
"property":[
{
"name":"random_parameter",
"value":"scrambled:c2NyYW1ibGVkUGFzz3dvcmQ="
}
]
}
}
One important note: If you decide to go this route, please consider configuring a Custom Encryption Key for your TeamCity server.